I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

Three Crooked Squirrels:I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

Three Crooked Squirrels:I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.

pippi longstocking:Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.

They do (granted, a weak crypto), but they found malware that takes it out of RAM before encryption on some of the POS machines.

pippi longstocking:Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.

dletter:Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?

If the company has a physical presence in CA and the victim resides in CA then SB 1386 will require that the company notify the victim in writing about their data being compromised. This also assumes a couple of other things, that CC /and/ PIN were compromised, SSN, CA DL or ID # were compromised or some combination of the above occurred.

What is an encrypted hash? I think you might have meant cryptographic hash (or just hash).

Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?

As I said to a co-worker a couple of weeks back: I'm waiting for the Walmart shoe to drop. I kinda expect they wouldn't say anything if they didn't have to, they'd keep it quiet to try to kill the competition.

Phony_Soldier:I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT

Biggest tipoff that your card got hacked is when you first start to see a dollar amount made out to some bullsh*t charity like "Permanently Disabled Jockeys" (yes, I kid you not). That's the hacker testing the card in a tiny, unnoticable way and if it comes back to them as usable, then you're gonna start finding out that you gave everyone in Nigeria a free PS4 and recharged the phones for everyone in Egypt.

Huck And Molly Ziegler:The federal government spends a lot of money to physically MAKE money.We might as well go back to using it more often, in my opinion.

Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants.

Somebody makes money off of cashless transactions. My bet is that if consumers rebelled and suddenly started using more cash, security measures would improve.

I *had* been doing that, partly as a way to keep track of my own spending. Cash or check; too easy to lose receipts on the debit card. I have a no annual fee CC locked up for dire emergencies or international trips.

I finally broke and got a new debit card *right* around the time this all went down. Told myself I'd still take out cash, but I've already broke a few times and used it. It's too goddamn easy.

Still... when I want to Target yesterday I ended up spending all of my cash but a few singles and change. Probably safer there then anywhere else at this point (probably), but could *not* bring myself to run it. And now I have to run to the bank tonight. Whee.

reductive:Here is the actual email that Target sent to offer credit monitoring services. The garbled headers and third party domain speak for themselves. Of course getting hacked was some kind of crazy fluke.

[i.imgur.com image 850x515]

I've seen major banks do the same with e-mail, it's not limited to merchants.

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent. During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.

jonny_q:Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

you might be ok:https://corporate.target.com/discover/article/free-credit-monitoring -a nd-identity-theft-protecti

I actually didn't use the link in the e-mail. I backed out and accessed the offer directly from Target's website, so I was pretty sure I was OK. But when I originally got the e-mail, I was thinking that it would be a pretty good way to dupe people into giving up more sensitive information if any nefarious individuals wanted to do so.

cannotsuggestaname:Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?

Blame the merchants -- they're the ones that don't want to spend the money to upgrade their equipment so they could accept chip cards.

But after this mess, you'd think Target and other merchants would just make the charge to try and rebuild consumer confidence in credit card security.

Three Crooked Squirrels:I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.

Clutch2013:Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen. They are offering a year of free credit monitoring through Experian. So I went and signed up for the coverage. But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.

Anything offering or asking me to sign up for anything I haven't requested = instant delete. I do this with snail mail too, using the shredder. Don't even open the damn things.

fireclown:Huck And Molly Ziegler: Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants

It did a ton of good for me when I had to buckle down and get my financial shiat together. Actually HANDING a merchant something physical make you less likely to spend the cash.

I'm the opposite. Cash has already been mentally deducted from my checking account so I spend more with cash.

Plus I put EVERYTHING on a rewards card that gives me free mileage. Usually earn 4-5 flights a year for free.

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent. During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.

You're telling people to use paypal and you think that you're credit card was compromised because of usage on steam?